Pattern 7 : Authentication Failure
Classification
Rule Name | Rule Type | Classification | Common Event |
|---|---|---|---|
| Authentication Failure (Root) | Sub Rule | Authentication Failure | User Logon Failure |
| Pattern 7 : Authentication Failure | Base Rule | Authentication Failure | Authentication Failure Activity |
| Authentication Failure | Sub Rule | Authentication Failure | Authentication Failure Activity |
| Authentication Failure | Sub Rule | Authentication Failure | User Logon Failure |
| Authentication Failure (Root) From Host | Sub Rule | Authentication Failure | User Logon Failure |
Mapping with LogRhythm Schema
Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| SAU2 | <severity> | Number |
| Oct 26 10:08:29 | <dname> | Text/String |
| N/A | <process> | Text/String |
| N/A | <processid> | Number |
| logname | <account> | N/A |
| rhost | <sip> | N/A |
| N/A | <sname> | Text/String |
| user | <login> | Text/String |
| N/A | <tag1> | Text/String |